Forum Discussion
NimbostratusAdding Application Security Policy using tmsh
To "reverse engineer" the TMSH configuration settings that correspond to a particular GUI setting, you can list the object from TMSH first, make the change via the GUI, then list the object from TMSH again to view the differences. For example, I added an application security policy to a virtual server from the GUI, and below are the "before" and "after" pictures...
Here's the virtual server configuration before adding the ASM security policy. Note the current profiles settings and the lack of a policies setting:
ltm virtual http_vs {
creation-time 2018-10-12:09:07:49
destination 10.10.4.100:http
ip-protocol tcp
last-modified-time 2018-11-02:13:51:42
mask 255.255.255.255
pool http_pool
profiles {
http { }
httpcompression { }
tcp { }
}
rules {
test
}
source 0.0.0.0/0
translate-address enabled
translate-port enabled
vs-index 53
}
Here's the configuration after adding the policy named my_security_policy to the virtual server. Notice the addition of the "profiles" named ASM_my_test_policy and websecurity. Also, notice the addition of the local traffic policy named asm_auto_17_policy__http_vs.
ltm virtual http_vs {
creation-time 2018-10-12:09:07:49
destination 10.10.4.100:http
ip-protocol tcp
last-modified-time 2018-11-02:13:27:25
mask 255.255.255.255
policies {
asm_auto_l7_policy__http_vs { }
}
pool http_pool
profiles {
ASM_my_test_policy { }
http { }
httpcompression { }
tcp { }
websecurity { }
}
rules {
test
}
source 0.0.0.0/0
translate-address enabled
translate-port enabled
vs-index 53
}
There may be other ASM database settings at play but this should give you enough to be able to assign the security policy (and the local traffic policy) to the virtual server from tmsh.
